97b8d951d161a7e23e58c3e5a813f6b7eee2757d12d57b413288ccb8893ae58d

Analysis

max time kernel
150s
max time network
120s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 00:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

97b8d951d161a7e23e58c3e5a813f6b7eee2757d12d57b413288ccb8893ae58d.exe
Size

184KB
MD5

27aad56dcb443859ce3a046736664997
SHA1

639606e838d7cff358c244802555433dedcc0d26
SHA256

97b8d951d161a7e23e58c3e5a813f6b7eee2757d12d57b413288ccb8893ae58d
SHA512

3303cecb55f457184541cb4d596c2eff4d099497cf7b13b3c2ed743a59a44281bb282d2a4bf70f9c5f42265c7925150bd8caeea0c4ed21483b42c332425893f1
SSDEEP

1536:UBZY6jZYuQe8ofx1t4oASHwMFM9yvZc86mddjwLR2gQitChl5hj5nizpvJ:gZ5Qe8op74o3dFaWe8wLR4gChlnViFB

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-7619.exeUnicorn-48435.exeUnicorn-10588.exeUnicorn-33644.exeUnicorn-60265.exeUnicorn-62917.exeUnicorn-36865.exeUnicorn-58494.exeUnicorn-20647.exeUnicorn-21053.exeUnicorn-1187.exeUnicorn-28851.exeUnicorn-62353.exeUnicorn-17471.exeUnicorn-21171.exeUnicorn-15586.exeUnicorn-35452.exeUnicorn-54673.exeUnicorn-17663.exeUnicorn-48870.exeUnicorn-42901.exeUnicorn-12362.exeUnicorn-35689.exeUnicorn-58226.exeUnicorn-30152.exeUnicorn-25579.exeUnicorn-10826.exeUnicorn-32809.exeUnicorn-62658.exeUnicorn-8942.exeUnicorn-28808.exeUnicorn-26539.exeUnicorn-15466.exeUnicorn-35332.exeUnicorn-32836.exeUnicorn-60277.exeUnicorn-53157.exeUnicorn-19079.exeUnicorn-51045.exeUnicorn-62270.exeUnicorn-49089.exeUnicorn-56935.exeUnicorn-765.exeUnicorn-11839.exeUnicorn-47013.exeUnicorn-47013.exeUnicorn-44346.exeUnicorn-55399.exeUnicorn-9727.exeUnicorn-64766.exeUnicorn-37609.exeUnicorn-30577.exeUnicorn-14359.exeUnicorn-34225.exeUnicorn-24857.exeUnicorn-62512.exeUnicorn-32689.exeUnicorn-11152.exeUnicorn-22378.exeUnicorn-4588.exeUnicorn-15641.exeUnicorn-35507.exeUnicorn-7660.exeUnicorn-18713.exe

pid	process
2140	Unicorn-7619.exe
2288	Unicorn-48435.exe
2712	Unicorn-10588.exe
2744	Unicorn-33644.exe
2692	Unicorn-60265.exe
2476	Unicorn-62917.exe
2860	Unicorn-36865.exe
2664	Unicorn-58494.exe
1208	Unicorn-20647.exe
832	Unicorn-21053.exe
1216	Unicorn-1187.exe
1492	Unicorn-28851.exe
1156	Unicorn-62353.exe
2504	Unicorn-17471.exe
1200	Unicorn-21171.exe
1368	Unicorn-15586.exe
376	Unicorn-35452.exe
1852	Unicorn-54673.exe
1108	Unicorn-17663.exe
1096	Unicorn-48870.exe
1544	Unicorn-42901.exe
2952	Unicorn-12362.exe
788	Unicorn-35689.exe
2236	Unicorn-58226.exe
600	Unicorn-30152.exe
2392	Unicorn-25579.exe
2332	Unicorn-10826.exe
1576	Unicorn-32809.exe
1740	Unicorn-62658.exe
2100	Unicorn-8942.exe
2176	Unicorn-28808.exe
2064	Unicorn-26539.exe
3064	Unicorn-15466.exe
2356	Unicorn-35332.exe
2720	Unicorn-32836.exe
3000	Unicorn-60277.exe
1236	Unicorn-53157.exe
2840	Unicorn-19079.exe
2980	Unicorn-51045.exe
840	Unicorn-62270.exe
1548	Unicorn-49089.exe
760	Unicorn-56935.exe
536	Unicorn-765.exe
624	Unicorn-11839.exe
1048	Unicorn-47013.exe
672	Unicorn-47013.exe
1172	Unicorn-44346.exe
2020	Unicorn-55399.exe
1892	Unicorn-9727.exe
2800	Unicorn-64766.exe
1292	Unicorn-37609.exe
1832	Unicorn-30577.exe
1268	Unicorn-14359.exe
3060	Unicorn-34225.exe
916	Unicorn-24857.exe
844	Unicorn-62512.exe
340	Unicorn-32689.exe
1504	Unicorn-11152.exe
292	Unicorn-22378.exe
2648	Unicorn-4588.exe
2568	Unicorn-15641.exe
2460	Unicorn-35507.exe
1256	Unicorn-7660.exe
1532	Unicorn-18713.exe

Loads dropped DLL 64 IoCs

Processes:

97b8d951d161a7e23e58c3e5a813f6b7eee2757d12d57b413288ccb8893ae58d.exeUnicorn-7619.exeUnicorn-48435.exeUnicorn-10588.exeWerFault.exeUnicorn-60265.exeUnicorn-62917.exeUnicorn-33644.exeWerFault.exeWerFault.exeUnicorn-36865.exeUnicorn-58494.exeUnicorn-1187.exeUnicorn-21053.exeUnicorn-20647.exeWerFault.exeWerFault.exeWerFault.exe

pid	process
2368	97b8d951d161a7e23e58c3e5a813f6b7eee2757d12d57b413288ccb8893ae58d.exe
2368	97b8d951d161a7e23e58c3e5a813f6b7eee2757d12d57b413288ccb8893ae58d.exe
2140	Unicorn-7619.exe
2368	97b8d951d161a7e23e58c3e5a813f6b7eee2757d12d57b413288ccb8893ae58d.exe
2140	Unicorn-7619.exe
2368	97b8d951d161a7e23e58c3e5a813f6b7eee2757d12d57b413288ccb8893ae58d.exe
2288	Unicorn-48435.exe
2288	Unicorn-48435.exe
2140	Unicorn-7619.exe
2140	Unicorn-7619.exe
2712	Unicorn-10588.exe
2712	Unicorn-10588.exe
2508	WerFault.exe
2508	WerFault.exe
2508	WerFault.exe
2508	WerFault.exe
2508	WerFault.exe
2692	Unicorn-60265.exe
2692	Unicorn-60265.exe
2476	Unicorn-62917.exe
2476	Unicorn-62917.exe
2712	Unicorn-10588.exe
2712	Unicorn-10588.exe
2744	Unicorn-33644.exe
2744	Unicorn-33644.exe
2288	Unicorn-48435.exe
2288	Unicorn-48435.exe
320	WerFault.exe
320	WerFault.exe
320	WerFault.exe
320	WerFault.exe
1416	WerFault.exe
1416	WerFault.exe
1416	WerFault.exe
1416	WerFault.exe
320	WerFault.exe
1416	WerFault.exe
2860	Unicorn-36865.exe
2860	Unicorn-36865.exe
2692	Unicorn-60265.exe
2692	Unicorn-60265.exe
2664	Unicorn-58494.exe
2664	Unicorn-58494.exe
2476	Unicorn-62917.exe
1216	Unicorn-1187.exe
2476	Unicorn-62917.exe
1216	Unicorn-1187.exe
832	Unicorn-21053.exe
832	Unicorn-21053.exe
2744	Unicorn-33644.exe
2744	Unicorn-33644.exe
1208	Unicorn-20647.exe
1208	Unicorn-20647.exe
1776	WerFault.exe
1776	WerFault.exe
1776	WerFault.exe
1776	WerFault.exe
1776	WerFault.exe
1464	WerFault.exe
1464	WerFault.exe
1464	WerFault.exe
1464	WerFault.exe
1464	WerFault.exe
2084	WerFault.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2584	2368	WerFault.exe	97b8d951d161a7e23e58c3e5a813f6b7eee2757d12d57b413288ccb8893ae58d.exe
2508	2140	WerFault.exe	Unicorn-7619.exe
320	2288	WerFault.exe	Unicorn-48435.exe
1416	2712	WerFault.exe	Unicorn-10588.exe
1776	2692	WerFault.exe	Unicorn-60265.exe
1464	2476	WerFault.exe	Unicorn-62917.exe
2084	2744	WerFault.exe	Unicorn-33644.exe
1520	2860	WerFault.exe	Unicorn-36865.exe
2704	2664	WerFault.exe	Unicorn-58494.exe
2624	1216	WerFault.exe	Unicorn-1187.exe
2600	832	WerFault.exe	Unicorn-21053.exe
2612	1208	WerFault.exe	Unicorn-20647.exe
2220	1492	WerFault.exe	Unicorn-28851.exe
1460	1156	WerFault.exe	Unicorn-62353.exe
2264	2504	WerFault.exe	Unicorn-17471.exe
1624	1200	WerFault.exe	Unicorn-21171.exe
2960	1852	WerFault.exe	Unicorn-54673.exe
1652	1108	WerFault.exe	Unicorn-17663.exe
876	1368	WerFault.exe	Unicorn-15586.exe
1700	376	WerFault.exe	Unicorn-35452.exe
2996	1096	WerFault.exe	Unicorn-48870.exe
2872	1544	WerFault.exe	Unicorn-42901.exe
1340	2952	WerFault.exe	Unicorn-12362.exe
568	788	WerFault.exe	Unicorn-35689.exe
2028	2236	WerFault.exe	Unicorn-58226.exe
2024	1740	WerFault.exe	Unicorn-62658.exe
2152	600	WerFault.exe	Unicorn-30152.exe
1088	2332	WerFault.exe	Unicorn-10826.exe
1728	2064	WerFault.exe	Unicorn-26539.exe
1472	2392	WerFault.exe	Unicorn-25579.exe
2072	2100	WerFault.exe	Unicorn-8942.exe
2924	2176	WerFault.exe	Unicorn-28808.exe
1476	1576	WerFault.exe	Unicorn-32809.exe
3372	3064	WerFault.exe	Unicorn-15466.exe
3388	2720	WerFault.exe	Unicorn-32836.exe
3484	1236	WerFault.exe	Unicorn-53157.exe
3552	2840	WerFault.exe	Unicorn-19079.exe
3604	536	WerFault.exe	Unicorn-765.exe
3640	1172	WerFault.exe	Unicorn-44346.exe
3672	2356	WerFault.exe	Unicorn-35332.exe
3680	760	WerFault.exe	Unicorn-56935.exe
3692	1436	WerFault.exe	Unicorn-47553.exe
3744	2800	WerFault.exe	Unicorn-64766.exe
3736	1292	WerFault.exe	Unicorn-37609.exe
3824	672	WerFault.exe	Unicorn-47013.exe
3440	1048	WerFault.exe	Unicorn-47013.exe
3472	840	WerFault.exe	Unicorn-62270.exe
3632	3000	WerFault.exe	Unicorn-60277.exe
3816	2980	WerFault.exe	Unicorn-51045.exe
3180	1832	WerFault.exe	Unicorn-30577.exe
3980	340	WerFault.exe	Unicorn-32689.exe
4044	2680	WerFault.exe	Unicorn-6544.exe
4052	1256	WerFault.exe	Unicorn-7660.exe
3364	1532	WerFault.exe	Unicorn-18713.exe
3324	1508	WerFault.exe	Unicorn-53753.exe
3872	1892	WerFault.exe	Unicorn-9727.exe
3896	1956	WerFault.exe	Unicorn-13493.exe
3264	3032	WerFault.exe	Unicorn-39839.exe
3612	2944	WerFault.exe	Unicorn-31771.exe
3140	1548	WerFault.exe	Unicorn-49089.exe
3192	3028	WerFault.exe	Unicorn-39102.exe
3624	2020	WerFault.exe	Unicorn-55399.exe
4104	1960	WerFault.exe	Unicorn-28927.exe
4248	1372	WerFault.exe	Unicorn-58361.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

97b8d951d161a7e23e58c3e5a813f6b7eee2757d12d57b413288ccb8893ae58d.exeUnicorn-7619.exeUnicorn-48435.exeUnicorn-10588.exeUnicorn-62917.exeUnicorn-60265.exeUnicorn-33644.exeUnicorn-36865.exeUnicorn-58494.exeUnicorn-20647.exeUnicorn-21053.exeUnicorn-1187.exeUnicorn-28851.exeUnicorn-62353.exeUnicorn-21171.exeUnicorn-17471.exeUnicorn-35452.exeUnicorn-15586.exeUnicorn-54673.exeUnicorn-17663.exeUnicorn-48870.exeUnicorn-42901.exeUnicorn-12362.exeUnicorn-35689.exeUnicorn-58226.exeUnicorn-30152.exeUnicorn-25579.exeUnicorn-10826.exeUnicorn-32809.exeUnicorn-62658.exeUnicorn-26539.exeUnicorn-28808.exeUnicorn-15466.exeUnicorn-35332.exeUnicorn-32836.exeUnicorn-60277.exeUnicorn-53157.exeUnicorn-19079.exeUnicorn-51045.exeUnicorn-62270.exeUnicorn-49089.exeUnicorn-56935.exeUnicorn-765.exeUnicorn-47013.exeUnicorn-11839.exeUnicorn-44346.exeUnicorn-47013.exeUnicorn-47553.exeUnicorn-9727.exeUnicorn-55399.exeUnicorn-64766.exeUnicorn-37609.exeUnicorn-30577.exeUnicorn-14359.exeUnicorn-34225.exeUnicorn-24857.exeUnicorn-62512.exeUnicorn-32689.exeUnicorn-11152.exeUnicorn-22378.exeUnicorn-4588.exeUnicorn-15641.exeUnicorn-35507.exeUnicorn-7660.exe

pid	process
2368	97b8d951d161a7e23e58c3e5a813f6b7eee2757d12d57b413288ccb8893ae58d.exe
2140	Unicorn-7619.exe
2288	Unicorn-48435.exe
2712	Unicorn-10588.exe
2476	Unicorn-62917.exe
2692	Unicorn-60265.exe
2744	Unicorn-33644.exe
2860	Unicorn-36865.exe
2664	Unicorn-58494.exe
1208	Unicorn-20647.exe
832	Unicorn-21053.exe
1216	Unicorn-1187.exe
1492	Unicorn-28851.exe
1156	Unicorn-62353.exe
1200	Unicorn-21171.exe
2504	Unicorn-17471.exe
376	Unicorn-35452.exe
1368	Unicorn-15586.exe
1852	Unicorn-54673.exe
1108	Unicorn-17663.exe
1096	Unicorn-48870.exe
1544	Unicorn-42901.exe
2952	Unicorn-12362.exe
788	Unicorn-35689.exe
2236	Unicorn-58226.exe
600	Unicorn-30152.exe
2392	Unicorn-25579.exe
2332	Unicorn-10826.exe
1576	Unicorn-32809.exe
1740	Unicorn-62658.exe
2064	Unicorn-26539.exe
2176	Unicorn-28808.exe
3064	Unicorn-15466.exe
2356	Unicorn-35332.exe
2720	Unicorn-32836.exe
3000	Unicorn-60277.exe
1236	Unicorn-53157.exe
2840	Unicorn-19079.exe
2980	Unicorn-51045.exe
840	Unicorn-62270.exe
1548	Unicorn-49089.exe
760	Unicorn-56935.exe
536	Unicorn-765.exe
1048	Unicorn-47013.exe
624	Unicorn-11839.exe
1172	Unicorn-44346.exe
672	Unicorn-47013.exe
1436	Unicorn-47553.exe
1892	Unicorn-9727.exe
2020	Unicorn-55399.exe
2800	Unicorn-64766.exe
1292	Unicorn-37609.exe
1832	Unicorn-30577.exe
1268	Unicorn-14359.exe
3060	Unicorn-34225.exe
916	Unicorn-24857.exe
844	Unicorn-62512.exe
340	Unicorn-32689.exe
1504	Unicorn-11152.exe
292	Unicorn-22378.exe
2648	Unicorn-4588.exe
2568	Unicorn-15641.exe
2460	Unicorn-35507.exe
1256	Unicorn-7660.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

97b8d951d161a7e23e58c3e5a813f6b7eee2757d12d57b413288ccb8893ae58d.exeUnicorn-7619.exeUnicorn-48435.exeUnicorn-10588.exeUnicorn-60265.exeUnicorn-62917.exeUnicorn-33644.exeUnicorn-36865.exe

description	pid	process	target process
PID 2368 wrote to memory of 2140	2368	97b8d951d161a7e23e58c3e5a813f6b7eee2757d12d57b413288ccb8893ae58d.exe	Unicorn-7619.exe
PID 2368 wrote to memory of 2140	2368	97b8d951d161a7e23e58c3e5a813f6b7eee2757d12d57b413288ccb8893ae58d.exe	Unicorn-7619.exe
PID 2368 wrote to memory of 2140	2368	97b8d951d161a7e23e58c3e5a813f6b7eee2757d12d57b413288ccb8893ae58d.exe	Unicorn-7619.exe
PID 2368 wrote to memory of 2140	2368	97b8d951d161a7e23e58c3e5a813f6b7eee2757d12d57b413288ccb8893ae58d.exe	Unicorn-7619.exe
PID 2140 wrote to memory of 2288	2140	Unicorn-7619.exe	Unicorn-48435.exe
PID 2140 wrote to memory of 2288	2140	Unicorn-7619.exe	Unicorn-48435.exe
PID 2140 wrote to memory of 2288	2140	Unicorn-7619.exe	Unicorn-48435.exe
PID 2140 wrote to memory of 2288	2140	Unicorn-7619.exe	Unicorn-48435.exe
PID 2368 wrote to memory of 2712	2368	97b8d951d161a7e23e58c3e5a813f6b7eee2757d12d57b413288ccb8893ae58d.exe	Unicorn-10588.exe
PID 2368 wrote to memory of 2712	2368	97b8d951d161a7e23e58c3e5a813f6b7eee2757d12d57b413288ccb8893ae58d.exe	Unicorn-10588.exe
PID 2368 wrote to memory of 2712	2368	97b8d951d161a7e23e58c3e5a813f6b7eee2757d12d57b413288ccb8893ae58d.exe	Unicorn-10588.exe
PID 2368 wrote to memory of 2712	2368	97b8d951d161a7e23e58c3e5a813f6b7eee2757d12d57b413288ccb8893ae58d.exe	Unicorn-10588.exe
PID 2368 wrote to memory of 2584	2368	97b8d951d161a7e23e58c3e5a813f6b7eee2757d12d57b413288ccb8893ae58d.exe	WerFault.exe
PID 2368 wrote to memory of 2584	2368	97b8d951d161a7e23e58c3e5a813f6b7eee2757d12d57b413288ccb8893ae58d.exe	WerFault.exe
PID 2368 wrote to memory of 2584	2368	97b8d951d161a7e23e58c3e5a813f6b7eee2757d12d57b413288ccb8893ae58d.exe	WerFault.exe
PID 2368 wrote to memory of 2584	2368	97b8d951d161a7e23e58c3e5a813f6b7eee2757d12d57b413288ccb8893ae58d.exe	WerFault.exe
PID 2288 wrote to memory of 2744	2288	Unicorn-48435.exe	Unicorn-33644.exe
PID 2288 wrote to memory of 2744	2288	Unicorn-48435.exe	Unicorn-33644.exe
PID 2288 wrote to memory of 2744	2288	Unicorn-48435.exe	Unicorn-33644.exe
PID 2288 wrote to memory of 2744	2288	Unicorn-48435.exe	Unicorn-33644.exe
PID 2140 wrote to memory of 2692	2140	Unicorn-7619.exe	Unicorn-60265.exe
PID 2140 wrote to memory of 2692	2140	Unicorn-7619.exe	Unicorn-60265.exe
PID 2140 wrote to memory of 2692	2140	Unicorn-7619.exe	Unicorn-60265.exe
PID 2140 wrote to memory of 2692	2140	Unicorn-7619.exe	Unicorn-60265.exe
PID 2712 wrote to memory of 2476	2712	Unicorn-10588.exe	Unicorn-62917.exe
PID 2712 wrote to memory of 2476	2712	Unicorn-10588.exe	Unicorn-62917.exe
PID 2712 wrote to memory of 2476	2712	Unicorn-10588.exe	Unicorn-62917.exe
PID 2712 wrote to memory of 2476	2712	Unicorn-10588.exe	Unicorn-62917.exe
PID 2140 wrote to memory of 2508	2140	Unicorn-7619.exe	WerFault.exe
PID 2140 wrote to memory of 2508	2140	Unicorn-7619.exe	WerFault.exe
PID 2140 wrote to memory of 2508	2140	Unicorn-7619.exe	WerFault.exe
PID 2140 wrote to memory of 2508	2140	Unicorn-7619.exe	WerFault.exe
PID 2692 wrote to memory of 2860	2692	Unicorn-60265.exe	Unicorn-36865.exe
PID 2692 wrote to memory of 2860	2692	Unicorn-60265.exe	Unicorn-36865.exe
PID 2692 wrote to memory of 2860	2692	Unicorn-60265.exe	Unicorn-36865.exe
PID 2692 wrote to memory of 2860	2692	Unicorn-60265.exe	Unicorn-36865.exe
PID 2476 wrote to memory of 2664	2476	Unicorn-62917.exe	Unicorn-58494.exe
PID 2476 wrote to memory of 2664	2476	Unicorn-62917.exe	Unicorn-58494.exe
PID 2476 wrote to memory of 2664	2476	Unicorn-62917.exe	Unicorn-58494.exe
PID 2476 wrote to memory of 2664	2476	Unicorn-62917.exe	Unicorn-58494.exe
PID 2712 wrote to memory of 1208	2712	Unicorn-10588.exe	Unicorn-20647.exe
PID 2712 wrote to memory of 1208	2712	Unicorn-10588.exe	Unicorn-20647.exe
PID 2712 wrote to memory of 1208	2712	Unicorn-10588.exe	Unicorn-20647.exe
PID 2712 wrote to memory of 1208	2712	Unicorn-10588.exe	Unicorn-20647.exe
PID 2744 wrote to memory of 832	2744	Unicorn-33644.exe	Unicorn-21053.exe
PID 2744 wrote to memory of 832	2744	Unicorn-33644.exe	Unicorn-21053.exe
PID 2744 wrote to memory of 832	2744	Unicorn-33644.exe	Unicorn-21053.exe
PID 2744 wrote to memory of 832	2744	Unicorn-33644.exe	Unicorn-21053.exe
PID 2288 wrote to memory of 1216	2288	Unicorn-48435.exe	Unicorn-1187.exe
PID 2288 wrote to memory of 1216	2288	Unicorn-48435.exe	Unicorn-1187.exe
PID 2288 wrote to memory of 1216	2288	Unicorn-48435.exe	Unicorn-1187.exe
PID 2288 wrote to memory of 1216	2288	Unicorn-48435.exe	Unicorn-1187.exe
PID 2288 wrote to memory of 320	2288	Unicorn-48435.exe	WerFault.exe
PID 2288 wrote to memory of 320	2288	Unicorn-48435.exe	WerFault.exe
PID 2288 wrote to memory of 320	2288	Unicorn-48435.exe	WerFault.exe
PID 2288 wrote to memory of 320	2288	Unicorn-48435.exe	WerFault.exe
PID 2712 wrote to memory of 1416	2712	Unicorn-10588.exe	WerFault.exe
PID 2712 wrote to memory of 1416	2712	Unicorn-10588.exe	WerFault.exe
PID 2712 wrote to memory of 1416	2712	Unicorn-10588.exe	WerFault.exe
PID 2712 wrote to memory of 1416	2712	Unicorn-10588.exe	WerFault.exe
PID 2860 wrote to memory of 1492	2860	Unicorn-36865.exe	Unicorn-28851.exe
PID 2860 wrote to memory of 1492	2860	Unicorn-36865.exe	Unicorn-28851.exe
PID 2860 wrote to memory of 1492	2860	Unicorn-36865.exe	Unicorn-28851.exe
PID 2860 wrote to memory of 1492	2860	Unicorn-36865.exe	Unicorn-28851.exe

C:\Users\Admin\AppData\Local\Temp\97b8d951d161a7e23e58c3e5a813f6b7eee2757d12d57b413288ccb8893ae58d.exe
"C:\Users\Admin\AppData\Local\Temp\97b8d951d161a7e23e58c3e5a813f6b7eee2757d12d57b413288ccb8893ae58d.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2368

C:\Users\Admin\AppData\Local\Temp\Unicorn-7619.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7619.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2140

C:\Users\Admin\AppData\Local\Temp\Unicorn-48435.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48435.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2288

C:\Users\Admin\AppData\Local\Temp\Unicorn-33644.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33644.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2744

C:\Users\Admin\AppData\Local\Temp\Unicorn-21053.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21053.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:832

C:\Users\Admin\AppData\Local\Temp\Unicorn-35452.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35452.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:376

C:\Users\Admin\AppData\Local\Temp\Unicorn-28808.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28808.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2176

C:\Users\Admin\AppData\Local\Temp\Unicorn-9727.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9727.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1892

C:\Users\Admin\AppData\Local\Temp\Unicorn-62777.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62777.exe
9⤵
PID:1780

C:\Users\Admin\AppData\Local\Temp\Unicorn-8337.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8337.exe
10⤵
PID:3560

C:\Users\Admin\AppData\Local\Temp\Unicorn-12915.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12915.exe
11⤵
PID:5220

C:\Users\Admin\AppData\Local\Temp\Unicorn-62198.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62198.exe
12⤵
PID:7420

C:\Users\Admin\AppData\Local\Temp\Unicorn-37166.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37166.exe
13⤵
PID:11016

C:\Users\Admin\AppData\Local\Temp\Unicorn-58554.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58554.exe
14⤵
PID:6464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11016 -s 216
14⤵
PID:7268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7420 -s 236
13⤵
PID:11716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5220 -s 216
12⤵
PID:8932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3560 -s 216
11⤵
PID:7032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1780 -s 216
10⤵
PID:4768

C:\Users\Admin\AppData\Local\Temp\Unicorn-18681.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18681.exe
9⤵
PID:3108

C:\Users\Admin\AppData\Local\Temp\Unicorn-52457.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52457.exe
10⤵
PID:4676

C:\Users\Admin\AppData\Local\Temp\Unicorn-5689.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5689.exe
11⤵
PID:6376

C:\Users\Admin\AppData\Local\Temp\Unicorn-44254.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44254.exe
12⤵
PID:8948

C:\Users\Admin\AppData\Local\Temp\Unicorn-26434.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26434.exe
13⤵
PID:12168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8948 -s 236
13⤵
PID:13064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6376 -s 216
12⤵
PID:9752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4676 -s 216
11⤵
PID:8032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3108 -s 236
10⤵
PID:5572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1892 -s 240
9⤵
- Program crash
PID:3872

C:\Users\Admin\AppData\Local\Temp\Unicorn-11905.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11905.exe
8⤵
PID:1940

C:\Users\Admin\AppData\Local\Temp\Unicorn-1551.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1551.exe
9⤵
PID:3004

C:\Users\Admin\AppData\Local\Temp\Unicorn-32944.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32944.exe
10⤵
PID:3436

C:\Users\Admin\AppData\Local\Temp\Unicorn-3749.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3749.exe
11⤵
PID:6048

C:\Users\Admin\AppData\Local\Temp\Unicorn-43650.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43650.exe
12⤵
PID:8240

C:\Users\Admin\AppData\Local\Temp\Unicorn-2530.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2530.exe
13⤵
PID:11248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8240 -s 216
13⤵
PID:12200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6048 -s 216
12⤵
PID:9388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3436 -s 216
11⤵
PID:6792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3004 -s 216
10⤵
PID:5276

C:\Users\Admin\AppData\Local\Temp\Unicorn-36243.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36243.exe
9⤵
PID:3588

C:\Users\Admin\AppData\Local\Temp\Unicorn-24300.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24300.exe
10⤵
PID:6124

C:\Users\Admin\AppData\Local\Temp\Unicorn-51927.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51927.exe
11⤵
PID:8208

C:\Users\Admin\AppData\Local\Temp\Unicorn-1518.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1518.exe
12⤵
PID:11192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8208 -s 216
12⤵
PID:12012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6124 -s 216
11⤵
PID:9380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3588 -s 216
10⤵
PID:7044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1940 -s 240
9⤵
PID:5312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2176 -s 240
8⤵
- Program crash
PID:2924

C:\Users\Admin\AppData\Local\Temp\Unicorn-55399.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55399.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2020

C:\Users\Admin\AppData\Local\Temp\Unicorn-31771.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31771.exe
8⤵
PID:2944

C:\Users\Admin\AppData\Local\Temp\Unicorn-40659.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40659.exe
9⤵
PID:632

C:\Users\Admin\AppData\Local\Temp\Unicorn-56430.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56430.exe
10⤵
PID:4664

C:\Users\Admin\AppData\Local\Temp\Unicorn-28372.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28372.exe
11⤵
PID:6720

C:\Users\Admin\AppData\Local\Temp\Unicorn-17845.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17845.exe
12⤵
PID:9972

C:\Users\Admin\AppData\Local\Temp\Unicorn-51652.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51652.exe
13⤵
PID:12832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9972 -s 216
13⤵
PID:12924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6720 -s 216
12⤵
PID:10884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4664 -s 216
11⤵
PID:8508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 632 -s 216
10⤵
PID:6308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2944 -s 216
9⤵
- Program crash
PID:3612

C:\Users\Admin\AppData\Local\Temp\Unicorn-53300.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53300.exe
8⤵
PID:3080

C:\Users\Admin\AppData\Local\Temp\Unicorn-2244.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2244.exe
9⤵
PID:4804

C:\Users\Admin\AppData\Local\Temp\Unicorn-49265.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49265.exe
10⤵
PID:6676

C:\Users\Admin\AppData\Local\Temp\Unicorn-40658.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40658.exe
11⤵
PID:8204

C:\Users\Admin\AppData\Local\Temp\Unicorn-606.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-606.exe
12⤵
PID:12236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8204 -s 216
12⤵
PID:13076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6676 -s 216
11⤵
PID:10292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4804 -s 216
10⤵
PID:7212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3080 -s 236
9⤵
PID:5900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2020 -s 240
8⤵
- Program crash
PID:3624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 376 -s 240
7⤵
- Program crash
PID:1700

C:\Users\Admin\AppData\Local\Temp\Unicorn-26539.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26539.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2064

C:\Users\Admin\AppData\Local\Temp\Unicorn-11839.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11839.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:624

C:\Users\Admin\AppData\Local\Temp\Unicorn-13493.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13493.exe
8⤵
PID:1956

C:\Users\Admin\AppData\Local\Temp\Unicorn-1551.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1551.exe
9⤵
PID:1736

C:\Users\Admin\AppData\Local\Temp\Unicorn-5669.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5669.exe
10⤵
PID:4612

C:\Users\Admin\AppData\Local\Temp\Unicorn-20085.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20085.exe
11⤵
PID:6192

C:\Users\Admin\AppData\Local\Temp\Unicorn-18304.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18304.exe
12⤵
PID:8608

C:\Users\Admin\AppData\Local\Temp\Unicorn-56250.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56250.exe
13⤵
PID:11648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8608 -s 236
13⤵
PID:12460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6192 -s 236
12⤵
PID:10176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4612 -s 216
11⤵
PID:7932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1736 -s 216
10⤵
PID:5380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1956 -s 216
9⤵
- Program crash
PID:3896

C:\Users\Admin\AppData\Local\Temp\Unicorn-14192.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14192.exe
8⤵
PID:2468

C:\Users\Admin\AppData\Local\Temp\Unicorn-37774.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37774.exe
9⤵
PID:4988

C:\Users\Admin\AppData\Local\Temp\Unicorn-27392.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27392.exe
10⤵
PID:6536

C:\Users\Admin\AppData\Local\Temp\Unicorn-34846.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34846.exe
11⤵
PID:9136

C:\Users\Admin\AppData\Local\Temp\Unicorn-1566.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1566.exe
12⤵
PID:12276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9136 -s 236
12⤵
PID:13112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6536 -s 216
11⤵
PID:9376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4988 -s 216
10⤵
PID:8072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2468 -s 216
9⤵
PID:5244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 624 -s 220
8⤵
PID:4288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2064 -s 236
7⤵
- Program crash
PID:1728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 832 -s 240
6⤵
- Program crash
PID:2600

C:\Users\Admin\AppData\Local\Temp\Unicorn-54673.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54673.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1852

C:\Users\Admin\AppData\Local\Temp\Unicorn-10826.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10826.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2332

C:\Users\Admin\AppData\Local\Temp\Unicorn-18713.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18713.exe
7⤵
- Executes dropped EXE
PID:1532

C:\Users\Admin\AppData\Local\Temp\Unicorn-35153.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35153.exe
8⤵
PID:380

C:\Users\Admin\AppData\Local\Temp\Unicorn-14563.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14563.exe
9⤵
PID:4176

C:\Users\Admin\AppData\Local\Temp\Unicorn-65177.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65177.exe
10⤵
PID:5876

C:\Users\Admin\AppData\Local\Temp\Unicorn-64714.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64714.exe
11⤵
PID:8904

C:\Users\Admin\AppData\Local\Temp\Unicorn-49747.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49747.exe
12⤵
PID:10856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8904 -s 216
12⤵
PID:12132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5876 -s 216
11⤵
PID:9904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4176 -s 236
10⤵
PID:7584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 380 -s 236
9⤵
PID:6004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1532 -s 236
8⤵
- Program crash
PID:3364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2332 -s 216
7⤵
- Program crash
PID:1088

C:\Users\Admin\AppData\Local\Temp\Unicorn-47013.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47013.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:672

C:\Users\Admin\AppData\Local\Temp\Unicorn-6005.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6005.exe
7⤵
PID:3056

C:\Users\Admin\AppData\Local\Temp\Unicorn-35039.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35039.exe
8⤵
PID:3204

C:\Users\Admin\AppData\Local\Temp\Unicorn-9121.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9121.exe
9⤵
PID:3876

C:\Users\Admin\AppData\Local\Temp\Unicorn-55957.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55957.exe
10⤵
PID:5564

C:\Users\Admin\AppData\Local\Temp\Unicorn-56602.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56602.exe
11⤵
PID:8012

C:\Users\Admin\AppData\Local\Temp\Unicorn-20802.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20802.exe
12⤵
PID:11068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8012 -s 216
12⤵
PID:2148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5564 -s 216
11⤵
PID:9028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3876 -s 216
10⤵
PID:6208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3204 -s 236
9⤵
PID:4404

C:\Users\Admin\AppData\Local\Temp\Unicorn-8410.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8410.exe
8⤵
PID:4008

C:\Users\Admin\AppData\Local\Temp\Unicorn-55957.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55957.exe
9⤵
PID:5556

C:\Users\Admin\AppData\Local\Temp\Unicorn-34973.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34973.exe
10⤵
PID:7484

C:\Users\Admin\AppData\Local\Temp\Unicorn-4948.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4948.exe
11⤵
PID:10792

C:\Users\Admin\AppData\Local\Temp\Unicorn-37404.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37404.exe
12⤵
PID:7004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7484 -s 216
11⤵
PID:11940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5556 -s 216
10⤵
PID:1848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4008 -s 216
9⤵
PID:6220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3056 -s 240
8⤵
PID:4488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 672 -s 236
7⤵
- Program crash
PID:3824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1852 -s 240
6⤵
- Program crash
PID:2960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2744 -s 240
5⤵
- Loads dropped DLL
- Program crash
PID:2084

C:\Users\Admin\AppData\Local\Temp\Unicorn-1187.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1187.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1216

C:\Users\Admin\AppData\Local\Temp\Unicorn-21171.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21171.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1200

C:\Users\Admin\AppData\Local\Temp\Unicorn-30152.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30152.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:600

C:\Users\Admin\AppData\Local\Temp\Unicorn-765.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-765.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:536

C:\Users\Admin\AppData\Local\Temp\Unicorn-28735.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28735.exe
8⤵
PID:2004

C:\Users\Admin\AppData\Local\Temp\Unicorn-7628.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7628.exe
9⤵
PID:3092

C:\Users\Admin\AppData\Local\Temp\Unicorn-62318.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62318.exe
10⤵
PID:4088

C:\Users\Admin\AppData\Local\Temp\Unicorn-54421.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54421.exe
11⤵
PID:5624

C:\Users\Admin\AppData\Local\Temp\Unicorn-7723.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7723.exe
12⤵
PID:7496

C:\Users\Admin\AppData\Local\Temp\Unicorn-20434.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20434.exe
13⤵
PID:10924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7496 -s 216
13⤵
PID:11956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5624 -s 216
12⤵
PID:8452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4088 -s 216
11⤵
PID:6372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3092 -s 216
10⤵
PID:4636

C:\Users\Admin\AppData\Local\Temp\Unicorn-30039.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30039.exe
9⤵
PID:3232

C:\Users\Admin\AppData\Local\Temp\Unicorn-27364.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27364.exe
10⤵
PID:5828

C:\Users\Admin\AppData\Local\Temp\Unicorn-45134.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45134.exe
11⤵
PID:7852

C:\Users\Admin\AppData\Local\Temp\Unicorn-17004.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17004.exe
12⤵
PID:11232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7852 -s 216
12⤵
PID:12020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5828 -s 236
11⤵
PID:9300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3232 -s 236
10⤵
PID:6636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2004 -s 240
9⤵
PID:2492

C:\Users\Admin\AppData\Local\Temp\Unicorn-31426.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31426.exe
8⤵
PID:3144

C:\Users\Admin\AppData\Local\Temp\Unicorn-1441.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1441.exe
9⤵
PID:3936

C:\Users\Admin\AppData\Local\Temp\Unicorn-62262.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62262.exe
10⤵
PID:5580

C:\Users\Admin\AppData\Local\Temp\Unicorn-47910.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47910.exe
11⤵
PID:7560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7560 -s 300
12⤵
PID:11548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5580 -s 216
11⤵
PID:9072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3936 -s 236
10⤵
PID:6280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3144 -s 236
9⤵
PID:4512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 536 -s 220
8⤵
- Program crash
PID:3604

C:\Users\Admin\AppData\Local\Temp\Unicorn-39102.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39102.exe
7⤵
PID:3028

C:\Users\Admin\AppData\Local\Temp\Unicorn-10124.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10124.exe
8⤵
PID:2592

C:\Users\Admin\AppData\Local\Temp\Unicorn-19842.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19842.exe
9⤵
PID:4748

C:\Users\Admin\AppData\Local\Temp\Unicorn-43645.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43645.exe
10⤵
PID:6496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6496 -s 220
11⤵
PID:9172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4748 -s 216
10⤵
PID:8064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2592 -s 216
9⤵
PID:5760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3028 -s 216
8⤵
- Program crash
PID:3192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 600 -s 240
7⤵
- Program crash
PID:2152

C:\Users\Admin\AppData\Local\Temp\Unicorn-47013.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47013.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1048

C:\Users\Admin\AppData\Local\Temp\Unicorn-53753.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53753.exe
7⤵
PID:1508

C:\Users\Admin\AppData\Local\Temp\Unicorn-62480.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62480.exe
8⤵
PID:3016

C:\Users\Admin\AppData\Local\Temp\Unicorn-36515.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36515.exe
9⤵
PID:4424

C:\Users\Admin\AppData\Local\Temp\Unicorn-14409.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14409.exe
10⤵
PID:5632

C:\Users\Admin\AppData\Local\Temp\Unicorn-37639.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37639.exe
11⤵
PID:9124

C:\Users\Admin\AppData\Local\Temp\Unicorn-46151.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46151.exe
12⤵
PID:11348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9124 -s 216
12⤵
PID:11336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5632 -s 216
11⤵
PID:9404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4424 -s 236
10⤵
PID:7692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3016 -s 216
9⤵
PID:5456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1508 -s 236
8⤵
- Program crash
PID:3324

C:\Users\Admin\AppData\Local\Temp\Unicorn-46263.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46263.exe
7⤵
PID:1528

C:\Users\Admin\AppData\Local\Temp\Unicorn-54070.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54070.exe
8⤵
PID:3200

C:\Users\Admin\AppData\Local\Temp\Unicorn-38685.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38685.exe
9⤵
PID:5108

C:\Users\Admin\AppData\Local\Temp\Unicorn-9607.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9607.exe
10⤵
PID:8352

C:\Users\Admin\AppData\Local\Temp\Unicorn-16480.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16480.exe
11⤵
PID:10752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8352 -s 216
11⤵
PID:12080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5108 -s 216
10⤵
PID:9484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3200 -s 216
9⤵
PID:6484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1528 -s 236
8⤵
PID:5516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1048 -s 240
7⤵
- Program crash
PID:3440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1200 -s 240
6⤵
- Program crash
PID:1624

C:\Users\Admin\AppData\Local\Temp\Unicorn-25579.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25579.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2392

C:\Users\Admin\AppData\Local\Temp\Unicorn-44346.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44346.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1172

C:\Users\Admin\AppData\Local\Temp\Unicorn-13434.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13434.exe
7⤵
PID:2532

C:\Users\Admin\AppData\Local\Temp\Unicorn-4227.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4227.exe
8⤵
PID:3880

C:\Users\Admin\AppData\Local\Temp\Unicorn-62144.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62144.exe
9⤵
PID:4444

C:\Users\Admin\AppData\Local\Temp\Unicorn-64534.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64534.exe
10⤵
PID:7248

C:\Users\Admin\AppData\Local\Temp\Unicorn-22453.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22453.exe
11⤵
PID:10036

C:\Users\Admin\AppData\Local\Temp\Unicorn-45388.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45388.exe
12⤵
PID:12656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10036 -s 220
12⤵
PID:12728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7248 -s 216
11⤵
PID:10892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4444 -s 216
10⤵
PID:8804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3880 -s 216
9⤵
PID:6408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2532 -s 236
8⤵
PID:5016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1172 -s 236
7⤵
- Program crash
PID:3640

C:\Users\Admin\AppData\Local\Temp\Unicorn-39102.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39102.exe
6⤵
PID:2096

C:\Users\Admin\AppData\Local\Temp\Unicorn-17805.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17805.exe
7⤵
PID:2888

C:\Users\Admin\AppData\Local\Temp\Unicorn-46736.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46736.exe
8⤵
PID:5060

C:\Users\Admin\AppData\Local\Temp\Unicorn-54652.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54652.exe
9⤵
PID:6928

C:\Users\Admin\AppData\Local\Temp\Unicorn-46569.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46569.exe
10⤵
PID:8956

C:\Users\Admin\AppData\Local\Temp\Unicorn-28505.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28505.exe
11⤵
PID:11516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8956 -s 236
11⤵
PID:13124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6928 -s 216
10⤵
PID:10384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5060 -s 216
9⤵
PID:7516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2888 -s 236
8⤵
PID:5976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2096 -s 236
7⤵
PID:4296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2392 -s 240
6⤵
- Program crash
PID:1472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1216 -s 240
5⤵
- Program crash
PID:2624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2288 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:320

C:\Users\Admin\AppData\Local\Temp\Unicorn-60265.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60265.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2692

C:\Users\Admin\AppData\Local\Temp\Unicorn-36865.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36865.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2860

C:\Users\Admin\AppData\Local\Temp\Unicorn-28851.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28851.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1492

C:\Users\Admin\AppData\Local\Temp\Unicorn-48870.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48870.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1096

C:\Users\Admin\AppData\Local\Temp\Unicorn-35332.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35332.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2356

C:\Users\Admin\AppData\Local\Temp\Unicorn-62512.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62512.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:844

C:\Users\Admin\AppData\Local\Temp\Unicorn-46917.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46917.exe
9⤵
PID:1668

C:\Users\Admin\AppData\Local\Temp\Unicorn-4860.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4860.exe
10⤵
PID:3156

C:\Users\Admin\AppData\Local\Temp\Unicorn-16701.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16701.exe
11⤵
PID:4792

C:\Users\Admin\AppData\Local\Temp\Unicorn-3605.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3605.exe
12⤵
PID:7292

C:\Users\Admin\AppData\Local\Temp\Unicorn-61742.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61742.exe
13⤵
PID:9292

C:\Users\Admin\AppData\Local\Temp\Unicorn-51984.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51984.exe
14⤵
PID:12860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9292 -s 216
14⤵
PID:12812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7292 -s 216
13⤵
PID:11072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4792 -s 216
12⤵
PID:8828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3156 -s 216
11⤵
PID:6476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1668 -s 236
10⤵
PID:5100

C:\Users\Admin\AppData\Local\Temp\Unicorn-48036.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48036.exe
9⤵
PID:3228

C:\Users\Admin\AppData\Local\Temp\Unicorn-48541.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48541.exe
10⤵
PID:5448

C:\Users\Admin\AppData\Local\Temp\Unicorn-4072.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4072.exe
11⤵
PID:8144

C:\Users\Admin\AppData\Local\Temp\Unicorn-42797.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42797.exe
12⤵
PID:11240

C:\Users\Admin\AppData\Local\Temp\Unicorn-7232.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7232.exe
13⤵
PID:7876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8144 -s 216
12⤵
PID:11832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5448 -s 216
11⤵
PID:8448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3228 -s 216
10⤵
PID:7156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 844 -s 220
9⤵
PID:4376

C:\Users\Admin\AppData\Local\Temp\Unicorn-26039.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26039.exe
8⤵
PID:348

C:\Users\Admin\AppData\Local\Temp\Unicorn-32944.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32944.exe
9⤵
PID:3420

C:\Users\Admin\AppData\Local\Temp\Unicorn-485.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-485.exe
10⤵
PID:5980

C:\Users\Admin\AppData\Local\Temp\Unicorn-14163.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14163.exe
11⤵
PID:8148

C:\Users\Admin\AppData\Local\Temp\Unicorn-9390.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9390.exe
12⤵
PID:11032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8148 -s 236
12⤵
PID:11988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5980 -s 216
11⤵
PID:9332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3420 -s 236
10⤵
PID:6660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 348 -s 236
9⤵
PID:5248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2356 -s 240
8⤵
- Program crash
PID:3672

C:\Users\Admin\AppData\Local\Temp\Unicorn-14359.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14359.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1268

C:\Users\Admin\AppData\Local\Temp\Unicorn-57550.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57550.exe
8⤵
PID:2424

C:\Users\Admin\AppData\Local\Temp\Unicorn-39116.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39116.exe
9⤵
PID:3316

C:\Users\Admin\AppData\Local\Temp\Unicorn-27578.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27578.exe
10⤵
PID:4868

C:\Users\Admin\AppData\Local\Temp\Unicorn-58878.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58878.exe
11⤵
PID:7704

C:\Users\Admin\AppData\Local\Temp\Unicorn-12406.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12406.exe
12⤵
PID:9676

C:\Users\Admin\AppData\Local\Temp\Unicorn-53401.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53401.exe
13⤵
PID:12992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9676 -s 216
13⤵
PID:13004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7704 -s 216
12⤵
PID:11108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4868 -s 236
11⤵
PID:8316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3316 -s 216
10⤵
PID:6752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2424 -s 236
9⤵
PID:4548

C:\Users\Admin\AppData\Local\Temp\Unicorn-693.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-693.exe
8⤵
PID:3356

C:\Users\Admin\AppData\Local\Temp\Unicorn-27868.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27868.exe
9⤵
PID:4648

C:\Users\Admin\AppData\Local\Temp\Unicorn-60187.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60187.exe
10⤵
PID:6416

C:\Users\Admin\AppData\Local\Temp\Unicorn-51990.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51990.exe
11⤵
PID:9368

C:\Users\Admin\AppData\Local\Temp\Unicorn-18478.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18478.exe
12⤵
PID:12532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9368 -s 216
12⤵
PID:12632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6416 -s 216
11⤵
PID:10588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4648 -s 216
10⤵
PID:1592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3356 -s 236
9⤵
PID:6172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1268 -s 240
8⤵
PID:4580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1096 -s 240
7⤵
- Program crash
PID:2996

C:\Users\Admin\AppData\Local\Temp\Unicorn-15466.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15466.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3064

C:\Users\Admin\AppData\Local\Temp\Unicorn-30577.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30577.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1832

C:\Users\Admin\AppData\Local\Temp\Unicorn-38572.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38572.exe
8⤵
PID:1636

C:\Users\Admin\AppData\Local\Temp\Unicorn-50646.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50646.exe
9⤵
PID:3424

C:\Users\Admin\AppData\Local\Temp\Unicorn-6364.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6364.exe
10⤵
PID:4552

C:\Users\Admin\AppData\Local\Temp\Unicorn-28063.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28063.exe
11⤵
PID:5688

C:\Users\Admin\AppData\Local\Temp\Unicorn-51785.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51785.exe
12⤵
PID:9192

C:\Users\Admin\AppData\Local\Temp\Unicorn-27070.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27070.exe
13⤵
PID:11456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9192 -s 216
13⤵
PID:11480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5688 -s 216
12⤵
PID:10208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4552 -s 236
11⤵
PID:7772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3424 -s 236
10⤵
PID:5544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1636 -s 236
9⤵
PID:4276

C:\Users\Admin\AppData\Local\Temp\Unicorn-13183.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13183.exe
8⤵
PID:3456

C:\Users\Admin\AppData\Local\Temp\Unicorn-42462.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42462.exe
9⤵
PID:4360

C:\Users\Admin\AppData\Local\Temp\Unicorn-16906.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16906.exe
10⤵
PID:5356

C:\Users\Admin\AppData\Local\Temp\Unicorn-54660.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54660.exe
11⤵
PID:9160

C:\Users\Admin\AppData\Local\Temp\Unicorn-36060.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36060.exe
12⤵
PID:10760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9160 -s 216
12⤵
PID:11904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5356 -s 216
11⤵
PID:10180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4360 -s 216
10⤵
PID:7680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3456 -s 216
9⤵
PID:5196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1832 -s 240
8⤵
- Program crash
PID:3180

C:\Users\Admin\AppData\Local\Temp\Unicorn-18706.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18706.exe
7⤵
PID:2536

C:\Users\Admin\AppData\Local\Temp\Unicorn-2618.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2618.exe
8⤵
PID:3508

C:\Users\Admin\AppData\Local\Temp\Unicorn-53536.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53536.exe
9⤵
PID:4476

C:\Users\Admin\AppData\Local\Temp\Unicorn-28063.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28063.exe
10⤵
PID:6108

C:\Users\Admin\AppData\Local\Temp\Unicorn-43259.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43259.exe
11⤵
PID:8224

C:\Users\Admin\AppData\Local\Temp\Unicorn-8948.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8948.exe
12⤵
PID:11560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8224 -s 216
12⤵
PID:11316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6108 -s 216
11⤵
PID:10228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4476 -s 216
10⤵
PID:7780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3508 -s 236
9⤵
PID:5504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2536 -s 236
8⤵
PID:4348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3064 -s 240
7⤵
- Program crash
PID:3372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1492 -s 240
6⤵
- Program crash
PID:2220

C:\Users\Admin\AppData\Local\Temp\Unicorn-42901.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42901.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1544

C:\Users\Admin\AppData\Local\Temp\Unicorn-32836.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32836.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2720

C:\Users\Admin\AppData\Local\Temp\Unicorn-34225.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34225.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3060

C:\Users\Admin\AppData\Local\Temp\Unicorn-33736.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33736.exe
8⤵
PID:2652

C:\Users\Admin\AppData\Local\Temp\Unicorn-28929.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28929.exe
9⤵
PID:3756

C:\Users\Admin\AppData\Local\Temp\Unicorn-36161.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36161.exe
10⤵
PID:5076

C:\Users\Admin\AppData\Local\Temp\Unicorn-53317.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53317.exe
11⤵
PID:6148

C:\Users\Admin\AppData\Local\Temp\Unicorn-30081.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30081.exe
12⤵
PID:9736

C:\Users\Admin\AppData\Local\Temp\Unicorn-33551.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33551.exe
13⤵
PID:12688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9736 -s 216
13⤵
PID:5800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6148 -s 216
12⤵
PID:10736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5076 -s 216
11⤵
PID:8500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3756 -s 236
10⤵
PID:6364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2652 -s 236
9⤵
PID:4932

C:\Users\Admin\AppData\Local\Temp\Unicorn-20137.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20137.exe
8⤵
PID:3800

C:\Users\Admin\AppData\Local\Temp\Unicorn-19140.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19140.exe
9⤵
PID:5024

C:\Users\Admin\AppData\Local\Temp\Unicorn-12118.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12118.exe
10⤵
PID:6888

C:\Users\Admin\AppData\Local\Temp\Unicorn-26573.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26573.exe
11⤵
PID:9656

C:\Users\Admin\AppData\Local\Temp\Unicorn-20085.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20085.exe
12⤵
PID:12744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9656 -s 216
12⤵
PID:12788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6888 -s 216
11⤵
PID:10720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5024 -s 216
10⤵
PID:8492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3800 -s 216
9⤵
PID:6348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3060 -s 240
8⤵
PID:4916

C:\Users\Admin\AppData\Local\Temp\Unicorn-52521.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52521.exe
7⤵
PID:2068

C:\Users\Admin\AppData\Local\Temp\Unicorn-30211.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30211.exe
8⤵
PID:3988

C:\Users\Admin\AppData\Local\Temp\Unicorn-37121.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37121.exe
9⤵
PID:4888

C:\Users\Admin\AppData\Local\Temp\Unicorn-36683.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36683.exe
10⤵
PID:7408

C:\Users\Admin\AppData\Local\Temp\Unicorn-237.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-237.exe
11⤵
PID:9716

C:\Users\Admin\AppData\Local\Temp\Unicorn-59021.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59021.exe
12⤵
PID:12908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9716 -s 216
12⤵
PID:12940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7408 -s 216
11⤵
PID:11116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4888 -s 216
10⤵
PID:8968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3988 -s 216
9⤵
PID:6508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2068 -s 236
8⤵
PID:4160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2720 -s 240
7⤵
- Program crash
PID:3388

C:\Users\Admin\AppData\Local\Temp\Unicorn-24857.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24857.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:916

C:\Users\Admin\AppData\Local\Temp\Unicorn-1110.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1110.exe
7⤵
PID:1768

C:\Users\Admin\AppData\Local\Temp\Unicorn-57377.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57377.exe
7⤵
PID:3280

C:\Users\Admin\AppData\Local\Temp\Unicorn-54988.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54988.exe
8⤵
PID:5004

C:\Users\Admin\AppData\Local\Temp\Unicorn-63943.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63943.exe
9⤵
PID:7844

C:\Users\Admin\AppData\Local\Temp\Unicorn-32737.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32737.exe
10⤵
PID:10112

C:\Users\Admin\AppData\Local\Temp\Unicorn-18533.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18533.exe
11⤵
PID:5476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10112 -s 216
11⤵
PID:7120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7844 -s 216
10⤵
PID:10676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5004 -s 216
9⤵
PID:8456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3280 -s 236
8⤵
PID:6764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 916 -s 240
7⤵
PID:4568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1544 -s 240
6⤵
- Program crash
PID:2872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2860 -s 240
5⤵
- Program crash
PID:1520

C:\Users\Admin\AppData\Local\Temp\Unicorn-62353.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62353.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1156

C:\Users\Admin\AppData\Local\Temp\Unicorn-12362.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12362.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2952

C:\Users\Admin\AppData\Local\Temp\Unicorn-60277.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60277.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3000

C:\Users\Admin\AppData\Local\Temp\Unicorn-32689.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32689.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:340

C:\Users\Admin\AppData\Local\Temp\Unicorn-43409.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43409.exe
8⤵
PID:972

C:\Users\Admin\AppData\Local\Temp\Unicorn-58834.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58834.exe
9⤵
PID:3396

C:\Users\Admin\AppData\Local\Temp\Unicorn-2390.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2390.exe
10⤵
PID:5836

C:\Users\Admin\AppData\Local\Temp\Unicorn-5321.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5321.exe
11⤵
PID:8664

C:\Users\Admin\AppData\Local\Temp\Unicorn-14471.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14471.exe
12⤵
PID:10920

C:\Users\Admin\AppData\Local\Temp\Unicorn-21948.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21948.exe
13⤵
PID:5484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10920 -s 216
13⤵
PID:12640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8664 -s 216
12⤵
PID:11576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5836 -s 216
11⤵
PID:9868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3396 -s 216
10⤵
PID:7392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 972 -s 216
9⤵
PID:5708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 340 -s 236
8⤵
- Program crash
PID:3980

C:\Users\Admin\AppData\Local\Temp\Unicorn-40756.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40756.exe
7⤵
PID:1840

C:\Users\Admin\AppData\Local\Temp\Unicorn-44885.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44885.exe
8⤵
PID:3260

C:\Users\Admin\AppData\Local\Temp\Unicorn-4502.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4502.exe
9⤵
PID:6112

C:\Users\Admin\AppData\Local\Temp\Unicorn-13598.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13598.exe
10⤵
PID:8636

C:\Users\Admin\AppData\Local\Temp\Unicorn-61591.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61591.exe
11⤵
PID:11000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8636 -s 216
11⤵
PID:12224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6112 -s 216
10⤵
PID:9912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3260 -s 216
9⤵
PID:7432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1840 -s 216
8⤵
PID:5812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3000 -s 240
7⤵
- Program crash
PID:3632

C:\Users\Admin\AppData\Local\Temp\Unicorn-11152.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11152.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1504

C:\Users\Admin\AppData\Local\Temp\Unicorn-32724.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32724.exe
7⤵
PID:1404

C:\Users\Admin\AppData\Local\Temp\Unicorn-47808.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47808.exe
8⤵
PID:4032

C:\Users\Admin\AppData\Local\Temp\Unicorn-1215.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1215.exe
9⤵
PID:5056

C:\Users\Admin\AppData\Local\Temp\Unicorn-60616.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60616.exe
10⤵
PID:7332

C:\Users\Admin\AppData\Local\Temp\Unicorn-40512.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40512.exe
11⤵
PID:10120

C:\Users\Admin\AppData\Local\Temp\Unicorn-48699.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48699.exe
12⤵
PID:12776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 216
12⤵
PID:12872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7332 -s 216
11⤵
PID:10980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5056 -s 216
10⤵
PID:8856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4032 -s 216
9⤵
PID:6436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1404 -s 236
8⤵
PID:5084

C:\Users\Admin\AppData\Local\Temp\Unicorn-49572.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49572.exe
7⤵
PID:4064

C:\Users\Admin\AppData\Local\Temp\Unicorn-9020.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9020.exe
8⤵
PID:5052

C:\Users\Admin\AppData\Local\Temp\Unicorn-33696.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33696.exe
9⤵
PID:7124

C:\Users\Admin\AppData\Local\Temp\Unicorn-7735.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7735.exe
10⤵
PID:9772

C:\Users\Admin\AppData\Local\Temp\Unicorn-56676.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56676.exe
11⤵
PID:11616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9772 -s 216
11⤵
PID:12368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7124 -s 236
10⤵
PID:10800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5052 -s 216
9⤵
PID:8428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4064 -s 216
8⤵
PID:6612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1504 -s 220
7⤵
PID:4368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2952 -s 240
6⤵
- Program crash
PID:1340

C:\Users\Admin\AppData\Local\Temp\Unicorn-53157.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53157.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1236

C:\Users\Admin\AppData\Local\Temp\Unicorn-22378.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22378.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:292

C:\Users\Admin\AppData\Local\Temp\Unicorn-2241.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2241.exe
7⤵
PID:2384

C:\Users\Admin\AppData\Local\Temp\Unicorn-57351.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57351.exe
8⤵
PID:3580

C:\Users\Admin\AppData\Local\Temp\Unicorn-44853.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44853.exe
9⤵
PID:4836

C:\Users\Admin\AppData\Local\Temp\Unicorn-57629.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57629.exe
10⤵
PID:6704

C:\Users\Admin\AppData\Local\Temp\Unicorn-9219.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9219.exe
11⤵
PID:9636

C:\Users\Admin\AppData\Local\Temp\Unicorn-40969.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40969.exe
12⤵
PID:12588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9636 -s 216
12⤵
PID:12672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6704 -s 216
11⤵
PID:10712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4836 -s 236
10⤵
PID:8272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3580 -s 216
9⤵
PID:6284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2384 -s 236
8⤵
PID:4876

C:\Users\Admin\AppData\Local\Temp\Unicorn-28196.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28196.exe
7⤵
PID:3616

C:\Users\Admin\AppData\Local\Temp\Unicorn-61874.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61874.exe
8⤵
PID:4772

C:\Users\Admin\AppData\Local\Temp\Unicorn-4749.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4749.exe
9⤵
PID:6924

C:\Users\Admin\AppData\Local\Temp\Unicorn-13827.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13827.exe
10⤵
PID:9696

C:\Users\Admin\AppData\Local\Temp\Unicorn-21644.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21644.exe
11⤵
PID:12620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9696 -s 216
11⤵
PID:12704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6924 -s 216
10⤵
PID:10728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4772 -s 216
9⤵
PID:8308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3616 -s 216
8⤵
PID:6272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 292 -s 240
7⤵
PID:4852

C:\Users\Admin\AppData\Local\Temp\Unicorn-689.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-689.exe
6⤵
PID:2784

C:\Users\Admin\AppData\Local\Temp\Unicorn-48768.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48768.exe
7⤵
PID:3920

C:\Users\Admin\AppData\Local\Temp\Unicorn-49731.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49731.exe
8⤵
PID:4620

C:\Users\Admin\AppData\Local\Temp\Unicorn-30624.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30624.exe
9⤵
PID:6820

C:\Users\Admin\AppData\Local\Temp\Unicorn-9795.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9795.exe
10⤵
PID:9592

C:\Users\Admin\AppData\Local\Temp\Unicorn-40780.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40780.exe
11⤵
PID:12716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9592 -s 216
11⤵
PID:12752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6820 -s 236
10⤵
PID:10704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4620 -s 216
9⤵
PID:8280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3920 -s 216
8⤵
PID:6424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2784 -s 236
7⤵
PID:5032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1236 -s 240
6⤵
- Program crash
PID:3484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1156 -s 240
5⤵
- Program crash
PID:1460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2692 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2140 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2508

C:\Users\Admin\AppData\Local\Temp\Unicorn-10588.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10588.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2712

C:\Users\Admin\AppData\Local\Temp\Unicorn-62917.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62917.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2476

C:\Users\Admin\AppData\Local\Temp\Unicorn-58494.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58494.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2664

C:\Users\Admin\AppData\Local\Temp\Unicorn-17471.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17471.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2504

C:\Users\Admin\AppData\Local\Temp\Unicorn-35689.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35689.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:788

C:\Users\Admin\AppData\Local\Temp\Unicorn-19079.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19079.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2840

C:\Users\Admin\AppData\Local\Temp\Unicorn-4588.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4588.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2648

C:\Users\Admin\AppData\Local\Temp\Unicorn-10326.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10326.exe
9⤵
PID:2464

C:\Users\Admin\AppData\Local\Temp\Unicorn-6049.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6049.exe
10⤵
PID:3688

C:\Users\Admin\AppData\Local\Temp\Unicorn-11177.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11177.exe
11⤵
PID:5384

C:\Users\Admin\AppData\Local\Temp\Unicorn-15832.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15832.exe
12⤵
PID:7920

C:\Users\Admin\AppData\Local\Temp\Unicorn-30628.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30628.exe
13⤵
PID:10416

C:\Users\Admin\AppData\Local\Temp\Unicorn-39516.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39516.exe
14⤵
PID:7900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7920 -s 236
13⤵
PID:11864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5384 -s 216
12⤵
PID:8292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3688 -s 236
11⤵
PID:7140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2464 -s 236
10⤵
PID:4672

C:\Users\Admin\AppData\Local\Temp\Unicorn-35659.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35659.exe
9⤵
PID:3768

C:\Users\Admin\AppData\Local\Temp\Unicorn-42236.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42236.exe
10⤵
PID:5412

C:\Users\Admin\AppData\Local\Temp\Unicorn-6490.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6490.exe
11⤵
PID:7764

C:\Users\Admin\AppData\Local\Temp\Unicorn-29808.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29808.exe
12⤵
PID:11184

C:\Users\Admin\AppData\Local\Temp\Unicorn-33788.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33788.exe
13⤵
PID:13292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7764 -s 236
12⤵
PID:11796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5412 -s 216
11⤵
PID:9156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3768 -s 236
10⤵
PID:7148

C:\Users\Admin\AppData\Local\Temp\Unicorn-8250.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8250.exe
8⤵
PID:1220

C:\Users\Admin\AppData\Local\Temp\Unicorn-14326.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14326.exe
9⤵
PID:3100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3100 -s 240
10⤵
PID:6316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1220 -s 236
9⤵
PID:4708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2840 -s 240
8⤵
- Program crash
PID:3552

C:\Users\Admin\AppData\Local\Temp\Unicorn-15641.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15641.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2568

C:\Users\Admin\AppData\Local\Temp\Unicorn-18980.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18980.exe
8⤵
PID:3852

C:\Users\Admin\AppData\Local\Temp\Unicorn-37774.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37774.exe
9⤵
PID:5008

C:\Users\Admin\AppData\Local\Temp\Unicorn-14203.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14203.exe
10⤵
PID:6996

C:\Users\Admin\AppData\Local\Temp\Unicorn-46237.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46237.exe
11⤵
PID:8476

C:\Users\Admin\AppData\Local\Temp\Unicorn-21749.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21749.exe
12⤵
PID:12180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8476 -s 236
12⤵
PID:13296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6996 -s 216
11⤵
PID:10476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5008 -s 216
10⤵
PID:7544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3852 -s 216
9⤵
PID:5420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2568 -s 216
8⤵
PID:4256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 788 -s 240
7⤵
- Program crash
PID:568

C:\Users\Admin\AppData\Local\Temp\Unicorn-51045.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51045.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2980

C:\Users\Admin\AppData\Local\Temp\Unicorn-35507.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35507.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2460

C:\Users\Admin\AppData\Local\Temp\Unicorn-64016.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64016.exe
8⤵
PID:3044

C:\Users\Admin\AppData\Local\Temp\Unicorn-54573.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54573.exe
9⤵
PID:3832

C:\Users\Admin\AppData\Local\Temp\Unicorn-5166.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5166.exe
10⤵
PID:5132

C:\Users\Admin\AppData\Local\Temp\Unicorn-9607.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9607.exe
11⤵
PID:8328

C:\Users\Admin\AppData\Local\Temp\Unicorn-27549.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27549.exe
12⤵
PID:10564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8328 -s 216
12⤵
PID:12212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5132 -s 216
11⤵
PID:9472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3832 -s 216
10⤵
PID:6392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3044 -s 236
9⤵
PID:5344

C:\Users\Admin\AppData\Local\Temp\Unicorn-55014.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55014.exe
8⤵
PID:2580

C:\Users\Admin\AppData\Local\Temp\Unicorn-43101.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43101.exe
9⤵
PID:5396

C:\Users\Admin\AppData\Local\Temp\Unicorn-1927.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1927.exe
10⤵
PID:8368

C:\Users\Admin\AppData\Local\Temp\Unicorn-7330.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7330.exe
11⤵
PID:10568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8368 -s 216
11⤵
PID:12048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5396 -s 216
10⤵
PID:9532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2580 -s 236
9⤵
PID:7188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2460 -s 240
8⤵
PID:5524

C:\Users\Admin\AppData\Local\Temp\Unicorn-41654.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41654.exe
7⤵
PID:1424

C:\Users\Admin\AppData\Local\Temp\Unicorn-14371.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14371.exe
8⤵
PID:4144

C:\Users\Admin\AppData\Local\Temp\Unicorn-61783.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61783.exe
9⤵
PID:5424

C:\Users\Admin\AppData\Local\Temp\Unicorn-51201.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51201.exe
10⤵
PID:8936

C:\Users\Admin\AppData\Local\Temp\Unicorn-41358.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41358.exe
11⤵
PID:10456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8936 -s 216
11⤵
PID:11424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5424 -s 216
10⤵
PID:9948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4144 -s 236
9⤵
PID:7528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1424 -s 216
8⤵
PID:5928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2980 -s 240
7⤵
- Program crash
PID:3816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2504 -s 240
6⤵
- Program crash
PID:2264

C:\Users\Admin\AppData\Local\Temp\Unicorn-58226.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58226.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2236

C:\Users\Admin\AppData\Local\Temp\Unicorn-62270.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62270.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:840

C:\Users\Admin\AppData\Local\Temp\Unicorn-7660.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7660.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1256

C:\Users\Admin\AppData\Local\Temp\Unicorn-61198.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61198.exe
8⤵
PID:2428

C:\Users\Admin\AppData\Local\Temp\Unicorn-1958.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1958.exe
9⤵
PID:3336

C:\Users\Admin\AppData\Local\Temp\Unicorn-39505.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39505.exe
10⤵
PID:5168

C:\Users\Admin\AppData\Local\Temp\Unicorn-55373.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55373.exe
11⤵
PID:8760

C:\Users\Admin\AppData\Local\Temp\Unicorn-5255.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5255.exe
12⤵
PID:1932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8760 -s 216
12⤵
PID:11664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5168 -s 216
11⤵
PID:9924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3336 -s 236
10⤵
PID:7440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2428 -s 216
9⤵
PID:5860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1256 -s 236
8⤵
- Program crash
PID:4052

C:\Users\Admin\AppData\Local\Temp\Unicorn-46782.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46782.exe
7⤵
PID:1232

C:\Users\Admin\AppData\Local\Temp\Unicorn-12186.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12186.exe
8⤵
PID:3448

C:\Users\Admin\AppData\Local\Temp\Unicorn-64035.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64035.exe
9⤵
PID:5604

C:\Users\Admin\AppData\Local\Temp\Unicorn-55897.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55897.exe
10⤵
PID:8404

C:\Users\Admin\AppData\Local\Temp\Unicorn-16672.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16672.exe
11⤵
PID:10928

C:\Users\Admin\AppData\Local\Temp\Unicorn-1451.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1451.exe
12⤵
PID:13088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10928 -s 216
12⤵
PID:7068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8404 -s 216
11⤵
PID:12072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5604 -s 216
10⤵
PID:9516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3448 -s 216
9⤵
PID:7232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1232 -s 236
8⤵
PID:5592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 840 -s 240
7⤵
- Program crash
PID:3472

C:\Users\Admin\AppData\Local\Temp\Unicorn-6544.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6544.exe
6⤵
PID:2680

C:\Users\Admin\AppData\Local\Temp\Unicorn-9366.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9366.exe
7⤵
PID:1016

C:\Users\Admin\AppData\Local\Temp\Unicorn-54262.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54262.exe
8⤵
PID:3176

C:\Users\Admin\AppData\Local\Temp\Unicorn-41233.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41233.exe
9⤵
PID:6032

C:\Users\Admin\AppData\Local\Temp\Unicorn-22867.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22867.exe
10⤵
PID:8720

C:\Users\Admin\AppData\Local\Temp\Unicorn-61399.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61399.exe
11⤵
PID:11148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8720 -s 216
11⤵
PID:12260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6032 -s 216
10⤵
PID:9996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3176 -s 216
9⤵
PID:7376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1016 -s 216
8⤵
PID:5804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2680 -s 236
7⤵
- Program crash
PID:4044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2236 -s 240
6⤵
- Program crash
PID:2028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2664 -s 240
5⤵
- Program crash
PID:2704

C:\Users\Admin\AppData\Local\Temp\Unicorn-15586.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15586.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1368

C:\Users\Admin\AppData\Local\Temp\Unicorn-32809.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32809.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1576

C:\Users\Admin\AppData\Local\Temp\Unicorn-64766.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64766.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2800

C:\Users\Admin\AppData\Local\Temp\Unicorn-57432.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57432.exe
7⤵
PID:2320

C:\Users\Admin\AppData\Local\Temp\Unicorn-35039.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35039.exe
8⤵
PID:3212

C:\Users\Admin\AppData\Local\Temp\Unicorn-27708.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27708.exe
9⤵
PID:3928

C:\Users\Admin\AppData\Local\Temp\Unicorn-58010.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58010.exe
10⤵
PID:5216

C:\Users\Admin\AppData\Local\Temp\Unicorn-37664.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37664.exe
11⤵
PID:8416

C:\Users\Admin\AppData\Local\Temp\Unicorn-29566.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29566.exe
12⤵
PID:11428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8416 -s 216
12⤵
PID:11948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5216 -s 216
11⤵
PID:9352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3928 -s 236
10⤵
PID:6916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3212 -s 236
9⤵
PID:5488

C:\Users\Admin\AppData\Local\Temp\Unicorn-31324.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31324.exe
8⤵
PID:3348

C:\Users\Admin\AppData\Local\Temp\Unicorn-1430.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1430.exe
9⤵
PID:5740

C:\Users\Admin\AppData\Local\Temp\Unicorn-10453.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10453.exe
10⤵
PID:8524

C:\Users\Admin\AppData\Local\Temp\Unicorn-5255.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5255.exe
11⤵
PID:2360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8524 -s 216
11⤵
PID:11656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5740 -s 216
10⤵
PID:9828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3348 -s 216
9⤵
PID:7384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2320 -s 220
8⤵
PID:5700

C:\Users\Admin\AppData\Local\Temp\Unicorn-15173.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15173.exe
7⤵
PID:3220

C:\Users\Admin\AppData\Local\Temp\Unicorn-50500.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50500.exe
8⤵
PID:4396

C:\Users\Admin\AppData\Local\Temp\Unicorn-50512.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50512.exe
9⤵
PID:6012

C:\Users\Admin\AppData\Local\Temp\Unicorn-30322.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30322.exe
10⤵
PID:1716

C:\Users\Admin\AppData\Local\Temp\Unicorn-50707.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50707.exe
11⤵
PID:11280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1716 -s 236
11⤵
PID:12164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6012 -s 216
10⤵
PID:10220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4396 -s 216
9⤵
PID:7752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3220 -s 216
8⤵
PID:5432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2800 -s 220
7⤵
- Program crash
PID:3744

C:\Users\Admin\AppData\Local\Temp\Unicorn-51677.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51677.exe
6⤵
PID:688

C:\Users\Admin\AppData\Local\Temp\Unicorn-8337.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8337.exe
7⤵
PID:3528

C:\Users\Admin\AppData\Local\Temp\Unicorn-56226.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56226.exe
8⤵
PID:5124

C:\Users\Admin\AppData\Local\Temp\Unicorn-23013.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23013.exe
9⤵
PID:8136

C:\Users\Admin\AppData\Local\Temp\Unicorn-14399.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14399.exe
10⤵
PID:10904

C:\Users\Admin\AppData\Local\Temp\Unicorn-50398.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50398.exe
11⤵
PID:7072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10904 -s 236
11⤵
PID:7660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8136 -s 216
10⤵
PID:11696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5124 -s 216
9⤵
PID:8840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3528 -s 216
8⤵
PID:6892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 688 -s 216
7⤵
PID:4712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1576 -s 240
6⤵
- Program crash
PID:1476

C:\Users\Admin\AppData\Local\Temp\Unicorn-37609.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37609.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1292

C:\Users\Admin\AppData\Local\Temp\Unicorn-61182.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61182.exe
6⤵
PID:2688

C:\Users\Admin\AppData\Local\Temp\Unicorn-3900.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3900.exe
7⤵
PID:4080

C:\Users\Admin\AppData\Local\Temp\Unicorn-56960.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56960.exe
8⤵
PID:4372

C:\Users\Admin\AppData\Local\Temp\Unicorn-9630.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9630.exe
9⤵
PID:7476

C:\Users\Admin\AppData\Local\Temp\Unicorn-31296.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31296.exe
10⤵
PID:10156

C:\Users\Admin\AppData\Local\Temp\Unicorn-28051.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28051.exe
11⤵
PID:12948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10156 -s 216
11⤵
PID:13012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7476 -s 216
10⤵
PID:11040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4372 -s 216
9⤵
PID:9040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4080 -s 216
8⤵
PID:6628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2688 -s 236
7⤵
PID:4416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1292 -s 216
6⤵
- Program crash
PID:3736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1368 -s 240
5⤵
- Program crash
PID:876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2476 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1464

C:\Users\Admin\AppData\Local\Temp\Unicorn-20647.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20647.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1208

C:\Users\Admin\AppData\Local\Temp\Unicorn-17663.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17663.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1108

C:\Users\Admin\AppData\Local\Temp\Unicorn-62658.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62658.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1740

C:\Users\Admin\AppData\Local\Temp\Unicorn-49089.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49089.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1548

C:\Users\Admin\AppData\Local\Temp\Unicorn-58361.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58361.exe
7⤵
PID:1372

C:\Users\Admin\AppData\Local\Temp\Unicorn-1551.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1551.exe
8⤵
PID:1992

C:\Users\Admin\AppData\Local\Temp\Unicorn-25683.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25683.exe
9⤵
PID:4960

C:\Users\Admin\AppData\Local\Temp\Unicorn-28778.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28778.exe
10⤵
PID:6964

C:\Users\Admin\AppData\Local\Temp\Unicorn-24416.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24416.exe
11⤵
PID:9068

C:\Users\Admin\AppData\Local\Temp\Unicorn-46448.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46448.exe
12⤵
PID:12380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9068 -s 236
12⤵
PID:12408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6964 -s 236
11⤵
PID:10484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1992 -s 216
9⤵
PID:6120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1372 -s 216
8⤵
- Program crash
PID:4248

C:\Users\Admin\AppData\Local\Temp\Unicorn-28473.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28473.exe
7⤵
PID:2436

C:\Users\Admin\AppData\Local\Temp\Unicorn-10085.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10085.exe
8⤵
PID:4716

C:\Users\Admin\AppData\Local\Temp\Unicorn-59374.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59374.exe
9⤵
PID:6724

C:\Users\Admin\AppData\Local\Temp\Unicorn-15957.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15957.exe
10⤵
PID:8412

C:\Users\Admin\AppData\Local\Temp\Unicorn-64083.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64083.exe
11⤵
PID:11396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8412 -s 216
11⤵
PID:13164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6724 -s 236
10⤵
PID:10300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4716 -s 216
9⤵
PID:7272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2436 -s 216
8⤵
PID:5680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1548 -s 240
7⤵
- Program crash
PID:3140

C:\Users\Admin\AppData\Local\Temp\Unicorn-39839.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39839.exe
6⤵
PID:3032

C:\Users\Admin\AppData\Local\Temp\Unicorn-47763.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47763.exe
7⤵
PID:2292

C:\Users\Admin\AppData\Local\Temp\Unicorn-7013.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7013.exe
8⤵
PID:4640

C:\Users\Admin\AppData\Local\Temp\Unicorn-17283.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17283.exe
9⤵
PID:6444

C:\Users\Admin\AppData\Local\Temp\Unicorn-3055.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3055.exe
10⤵
PID:9056

C:\Users\Admin\AppData\Local\Temp\Unicorn-52360.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52360.exe
11⤵
PID:12124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9056 -s 236
11⤵
PID:13056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6444 -s 216
10⤵
PID:9800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4640 -s 216
9⤵
PID:8056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2292 -s 236
8⤵
PID:5460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3032 -s 236
7⤵
- Program crash
PID:3264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1740 -s 240
6⤵
- Program crash
PID:2024

C:\Users\Admin\AppData\Local\Temp\Unicorn-56935.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56935.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:760

C:\Users\Admin\AppData\Local\Temp\Unicorn-28927.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28927.exe
6⤵
PID:1960

C:\Users\Admin\AppData\Local\Temp\Unicorn-40083.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40083.exe
7⤵
PID:2452

C:\Users\Admin\AppData\Local\Temp\Unicorn-7205.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7205.exe
8⤵
PID:4776

C:\Users\Admin\AppData\Local\Temp\Unicorn-63982.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63982.exe
9⤵
PID:6588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6588 -s 220
10⤵
PID:9212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4776 -s 216
9⤵
PID:8112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2452 -s 216
8⤵
PID:5784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1960 -s 236
7⤵
- Program crash
PID:4104

C:\Users\Admin\AppData\Local\Temp\Unicorn-53300.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53300.exe
6⤵
PID:2540

C:\Users\Admin\AppData\Local\Temp\Unicorn-17459.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17459.exe
7⤵
PID:3300

C:\Users\Admin\AppData\Local\Temp\Unicorn-28708.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28708.exe
8⤵
PID:5744

C:\Users\Admin\AppData\Local\Temp\Unicorn-11615.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11615.exe
9⤵
PID:8180

C:\Users\Admin\AppData\Local\Temp\Unicorn-5280.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5280.exe
10⤵
PID:10596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8180 -s 216
10⤵
PID:11896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5744 -s 236
9⤵
PID:9252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3300 -s 236
8⤵
PID:6548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2540 -s 236
7⤵
PID:5072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 760 -s 240
6⤵
- Program crash
PID:3680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1108 -s 240
5⤵
- Program crash
PID:1652

C:\Users\Admin\AppData\Local\Temp\Unicorn-8942.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8942.exe
4⤵
- Executes dropped EXE
PID:2100

C:\Users\Admin\AppData\Local\Temp\Unicorn-47553.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47553.exe
5⤵
- Suspicious use of SetWindowsHookEx
PID:1436

C:\Users\Admin\AppData\Local\Temp\Unicorn-61433.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61433.exe
6⤵
PID:2448

C:\Users\Admin\AppData\Local\Temp\Unicorn-8337.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8337.exe
7⤵
PID:3536

C:\Users\Admin\AppData\Local\Temp\Unicorn-58359.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58359.exe
8⤵
PID:5172

C:\Users\Admin\AppData\Local\Temp\Unicorn-40610.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40610.exe
9⤵
PID:8164

C:\Users\Admin\AppData\Local\Temp\Unicorn-58499.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58499.exe
10⤵
PID:10860

C:\Users\Admin\AppData\Local\Temp\Unicorn-38997.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38997.exe
11⤵
PID:13180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10860 -s 236
11⤵
PID:7304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8164 -s 216
10⤵
PID:11688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5172 -s 236
9⤵
PID:8816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3536 -s 216
8⤵
PID:6908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2448 -s 236
7⤵
PID:4728

C:\Users\Admin\AppData\Local\Temp\Unicorn-18681.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18681.exe
6⤵
PID:3116

C:\Users\Admin\AppData\Local\Temp\Unicorn-22446.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22446.exe
7⤵
PID:3332

C:\Users\Admin\AppData\Local\Temp\Unicorn-44507.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44507.exe
8⤵
PID:6020

C:\Users\Admin\AppData\Local\Temp\Unicorn-59607.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59607.exe
9⤵
PID:7456

C:\Users\Admin\AppData\Local\Temp\Unicorn-31965.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31965.exe
10⤵
PID:11052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7456 -s 216
10⤵
PID:12096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6020 -s 216
9⤵
PID:9356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3332 -s 216
8⤵
PID:6736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3116 -s 216
7⤵
PID:5268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1436 -s 240
6⤵
- Program crash
PID:3692

C:\Users\Admin\AppData\Local\Temp\Unicorn-37374.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37374.exe
5⤵
PID:948

C:\Users\Admin\AppData\Local\Temp\Unicorn-51292.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51292.exe
6⤵
PID:3168

C:\Users\Admin\AppData\Local\Temp\Unicorn-35705.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35705.exe
7⤵
PID:3152

C:\Users\Admin\AppData\Local\Temp\Unicorn-38161.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38161.exe
8⤵
PID:5652

C:\Users\Admin\AppData\Local\Temp\Unicorn-53837.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53837.exe
9⤵
PID:8592

C:\Users\Admin\AppData\Local\Temp\Unicorn-23813.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23813.exe
10⤵
PID:11260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8592 -s 216
10⤵
PID:11632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5652 -s 216
9⤵
PID:9848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3152 -s 216
8⤵
PID:7360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3168 -s 216
7⤵
PID:5660

C:\Users\Admin\AppData\Local\Temp\Unicorn-35932.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35932.exe
6⤵
PID:3712

C:\Users\Admin\AppData\Local\Temp\Unicorn-36625.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36625.exe
7⤵
PID:5884

C:\Users\Admin\AppData\Local\Temp\Unicorn-23391.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23391.exe
8⤵
PID:8560

C:\Users\Admin\AppData\Local\Temp\Unicorn-64412.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64412.exe
9⤵
PID:11508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8560 -s 216
9⤵
PID:11936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5884 -s 216
8⤵
PID:9856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3712 -s 216
7⤵
PID:7448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 948 -s 240
6⤵
PID:5716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2100 -s 240
5⤵
- Program crash
PID:2072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1208 -s 240
4⤵
- Program crash
PID:2612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2712 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:1416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2368 -s 240
2⤵
- Program crash
PID:2584

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-15832.exe

Filesize
184KB

MD5
1383ebb79563a24b8d91d38bcc978476

SHA1
4658fa883fd9aa54b8380fe55fbc478c0b3fdf80

SHA256
0c5718d0ce01ccc2e5843ca55ee091d7747955a0edc813be66e9fe4031bfc8ea

SHA512
272012fa3cae8d867805b88ef9ec009304306b527c651320f91dd2084189e22c537d5b42cdb0ec12a62d97c0ef17c4ed963fb3a91b8c8d27c7d6faac542945e3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20647.exe

Filesize
184KB

MD5
e0712c9e15812ed22db8da646d1708ef

SHA1
c8a54e172a138e6718735c0d27aab9238d4e1c1c

SHA256
58d51f033744bdf8c3b4c33c25cd49ab4be954399da9888565efa1e41d0802ca

SHA512
88a1545a512f08a4e0f1e61089211afd493bbcbf7d928dc252ac8254284a9a2f6bfc9eb483ce7eb77e3fe313d36b2e393f8b5d89b55ff40e442f0de85bdb85b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36865.exe

Filesize
184KB

MD5
0bb8b5564e642e81977a32d319923bd7

SHA1
044e51834320e342d2bca3f692ff631021ffd32a

SHA256
9a17b708cc4729773b7f3528a0ead9f9bb108449653147972613e122f7eb4b4c

SHA512
ce97f998b6f22eacb337712590e8bc9cc0d7a468a4f4d6dcafac4e0547e9797d7487bc79a71b9fa3dc80e901baf87aad933e1f8bdaf3fdb1fa4ad6ce5f21daa8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39839.exe

Filesize
184KB

MD5
f55bcccad1cd91a25d9b58598922abd8

SHA1
19ab202dc8ae64c44d7b69a1af5b868bf0cc43f8

SHA256
a57948ff5683d35bfba4dfbf55fb22b83f77cb273576df00baba4eebd745de01

SHA512
d104a917d061c8e88b7caffc4a1c339ecd772e425431feb0c4bff66708322df4129246afacbe53fa4ae556e0db6f368b0da18468654ff3a4a9e8be30a04b6be0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40610.exe

Filesize
184KB

MD5
ddd411d5337a51510a010d6dd13ac597

SHA1
c04967eb2f07944c0872e2336b4a10aaba12e542

SHA256
4bc1f4b2e4d4e90eecf2d6df974fc87307858a772cfc35f6c2a1b9524d6c3cb0

SHA512
fc5a9f015227cd326a074d5d5a0ff1a81bb3d4c4a9cd436d5d5530568df80c3ea36f630f4ea4e92b26938ee309fea5569030e5780bcc0a58e8e1d60736d2abbb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40756.exe

Filesize
184KB

MD5
c88aaa524703302ab65fadce4b00058d

SHA1
133da0083a16ad82eb5923a35b776ce01e0135f4

SHA256
41eca07ab1af8e9724bc77fe4295473c792da4288413565e1e0f9a1350a447ba

SHA512
5fd46656c518594871aafa0fe347ed4d9df270e94468095d0887c453baeb87fa36c663b99ddaddc0495c9ba40bfadceaf3c8cb83d7507dd63f78270257e8940c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5669.exe

Filesize
184KB

MD5
fde21aee622708d89eef62a6c055a564

SHA1
5770dd8812690f76e368fe1875b54415ac138b71

SHA256
a8016b052f78ad768c1f92cef17ef6909813c2194825ce6742c7dd6c26452a54

SHA512
94e42ba56db42252d792a7df06df742ac1770bc3f37034570854ce739dedffd80b453e824ee8e860b4c04b525d7cc7a27fec6cd28d4804c8c69c95a6aa59dbc4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6049.exe

Filesize
184KB

MD5
5ce06acad9321322dbffa23222ad9be9

SHA1
a1eea2b44dad46cd5a31fdc881a68b9a2beecaba

SHA256
45f86a1cc260aba0c3999dff8e2012d48ed6051db8c1ea80780cfe8cbd033f96

SHA512
36bff641cdf756a24b710a5041fd3176fc8035192e953f0256954b165fb6a45020919f3f87a2e5163569792c8169aae0ade98b5dc71e8625ebce5a58e6a593cc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62353.exe

Filesize
184KB

MD5
7b1cc0d7c1f0cb7c8cc60351904370f2

SHA1
739eb0215998f2c2ed8008968f721da7be053389

SHA256
0892e941d03556e308560045a27b89cd4f1134d4867b044371c2a06113463894

SHA512
17b56856770641c251253a547db211fd3a2977bd9bc86433a343a2759d657ef284c246a121d12b5cc97e52222e337bf3dfa8550830e93c0bc99a799e7d91bca8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-10588.exe

Filesize
184KB

MD5
b798d2b9b97513249637808c48917a97

SHA1
cee3119b145d87244101c9fb6a5e74ac851e3370

SHA256
e8b724ec8978584efa8378e0e9692bbcda0e017aa7090c2e02b6c66e68cb1f17

SHA512
9379dde25b27867dfe1941f0442227a6abc60f17f187d0f673790807faf1ba9ad9dd98eeb9fe5fe9fbfe1ccb023f3d2c69cecc0fdef62ea6b035f8ded4e5d0c9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-1187.exe

Filesize
184KB

MD5
73006e14e8857dc32088870164c0ae04

SHA1
ddf331fdd8b6016d01b9e578d5fa6776b6e91053

SHA256
a5adfb0136657382a3f2f37b410a78b3ef6c58315c03c064f81f34faee4536ad

SHA512
2a81cc9167d277105a1714bc38ed9c43148d1557ed60bfc420e007cfa7df38f92c6f537b6bad66ce1a947d44ef2a2636927ebbf927498101b76e7e2f73c2ec3f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-17471.exe

Filesize
184KB

MD5
8d2b4294144689ffe75fa970ca9b4e67

SHA1
549c385d021d1e2eae1ab4a36605a69814add076

SHA256
80e16f4a9ec7d68e7eab1453b0ffd4d2d324b1a286409fc1b3a5e7ee5acc447d

SHA512
89d74dd9c4bb8eb4acefbe080ea56c2d90a1f42c5f4c0da12bcc8e4cfb96ee667383c3ce9b48c36aa6393d2ab60f864a95567baa6cb7746da3a838145d4c06bf

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-21053.exe

Filesize
184KB

MD5
27806e98d8c2462e8a579efc28a7c46a

SHA1
bbf4c54b95786e7f0720e4c6981cab1e216a5d41

SHA256
a4f0f0b609c0ac8630ae2fa2afd6c74e84b722db03a73c8a0f4ceea3c7544d1f

SHA512
c9aa6d17738d68f922a6629ca7f5ae1564db017f6e6a2b9ee64523ac8e9f7cfb37e85f757ef5ccd537417ec18363de9c614f4eece5a067411ea026d89bbdc8c9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-28851.exe

Filesize
184KB

MD5
b3f3be011603d6b02d3501f6cf48d179

SHA1
e3cd882248602e7b1ebd60bb7ee6ab473a358837

SHA256
52f1b28bf70032a062a38f97c239bf1fa840804f74eda416590fd56fd3b0bf2a

SHA512
4b931ace1e88219a05766b4fa1a528668220e73fbc69db710c93e32ed7bcd58c6225d897d34329b78feed460ef70be3473c92169ab2cd44b1987a54eb601c99b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-33644.exe

Filesize
184KB

MD5
6455093f6cc048b5810ecaf482122b9b

SHA1
283c23aa2d5436fc37d23bf29263cbfb6b0bb51e

SHA256
57dd1454274767a4fee45533c203411d8ee9fd63f70df3eda6d1aa3e2023cd70

SHA512
00622bb915c4de07412e10ded9090edf330baa5bf229970fe125b0186ba83b0e5361d7480701821710a021dccffd205484a462d4f0330ea7722b2ee090ead29b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48435.exe

Filesize
184KB

MD5
4557477026f209f46b59cd27b2aa5e80

SHA1
8edf6b02dea7cc90ca8af2e3c482cda9f12d5cde

SHA256
097d57504e3e5a2ec41080a562e7cc012666ac9ce730d0da7c6b59aaedeea4c9

SHA512
ffa51473fa380cc91b1643034123373b2dc2be8b79b67a143da871cff3bbedb4c4874eeef0427fd67a6f487a8fe89e6575f7a9f88ff95c14289f33bdd91eadcb

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-58494.exe

Filesize
184KB

MD5
47bb4babbf55fca6fb919cb8d301571f

SHA1
24c551a11db73a90fc5788275c0daacb56b43ef8

SHA256
73be881a3516bad74a53dd46b8ec28ea1188bf333febd34fd5b438efe3bc33a3

SHA512
f3af185cbbb70c5570673bd5f39400242b26513d7130a2776d85b01f293a5e236a8a82201473362fe736b9e5f941814a06626494ac9459b84693adbd5829ba0f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-60265.exe

Filesize
184KB

MD5
e4bf3418d25d82de84986aaf7c7d5fee

SHA1
b1db29384f2ff2d6e06e4a83b919bf784d183976

SHA256
88e5084ece2088290e500641163288463a7bc376f7702d41c3611e9e6840ce50

SHA512
8686508f6896c0b4fa7b0531bfb4e013643b0c0befa2c2941d1d98c6113b12957d12642f2f3fef6cf543e3e589256ceb9462a484818abce952679ffe13f15272

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-62917.exe

Filesize
184KB

MD5
33b00ea13009b2752b9f86657b053882

SHA1
57d1a7d8207c2b3a2be215cbff5de7a3b7928cca

SHA256
ed1fdf118202fe748bc046a5bcb0cc26d5060e2eae00b407a8534301213e22ad

SHA512
148da25bf6cb971241caee80ed32f0c2daa77e7ae89c48e0b35796da9472a2bff2d2d8acace2dcb6ee72b10aab73777cb2d5b14673f42fa9f349d65a3dd075ae

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-7619.exe

Filesize
184KB

MD5
f804327eb7635fd214dfdd7b79ed13ba

SHA1
bf8aaa9d492e955c05de0864321647ca8bd55c24

SHA256
e885e46edb078e51159fb0d6147b0b04da15286ee6f28bbe8fe9c1e401c0d10e

SHA512
8cc64925b2cc8e68644a617ead3f539992149c4668cd47fb11fe242ab741b71bdb7f663ef127592dcc34a5463c7a7d6475cd2eb12a229e1c2a781fe5e59088d5

Download Submit